Banks Can’t Do IT Alone
Community banks have faced many changes in the last decade. In addition to the growth in online and mobile banking technology and mounting regulatory compliance requirements, community banks must now also worry about IT network security. Since technology plays a crucial role in delivering the financial institution’s services, this adds extra pressure to community bank network administrators and IT officers.
IT security ranks as a primary concern for all financial institutions. In fact, for US-based community banks, the responsibility of securing confidential customer information is mandated by the Gramm-Leach-Bliley Act of 1999. This law established that financial institutions must protect their IT networks from attack, and identify any possible breaches that manage to bypass these protections. According to the FFIEC, good security starts with a comprehensive risk assessment. IT administrators must then create a plan to apply administrative, technical, and physical controls in order to mitigate identified risks. Regulators require financial institutions to install technical controls in layers, including controls such as firewalls and antivirus software. IT auditors and examiners will look for evidence of a thorough risk assessment, make sure that written policies and procedures align with the assessment, and then verify that controls and daily practices are appropriate. This guidance is always changing, and financial institutions must adapt to regulator demands. Promptly responding to new guidance is critical in today’s highly regulated banking environment.
Having a thorough understanding of the threats cyber thieves present to your IT network is important to implementing a protection program. There isn’t a second of the day that hackers aren’t scanning the Internet looking for vulnerable community bank networks that can be exploited to gain access to confidential customer information.
To establish a secure IT network, banks must employ a strategy that places many layers throughout the network, from the end user to the Internet. Each community bank will have a different security approach based on their unique risks, but all financial institutions should implement a security plan that is able to prevent attacks, assess vulnerabilities and constantly update security measures as new technology assets are added.
Today, many smaller institutions are managing their security plans and procedures in-house; however, their IT departments are often understaffed. To help augment limited personnel many institutions are partnering with IT and security service providers to act as an extension of their organization and better manage their growing technology and security needs. The right technology service providers couple security measures with an understanding of and support for the unique compliance demands of the financial industry.
Financial institutions are under more pressure than ever to protect and manage their IT networks, but have limited time to devote to the ever-growing complexity of IT operations and enhanced regulatory requirements. Working with more than 600 financial institutions and managing more than 25,000 network devices nationwide has enabled Safe Systems to truly hone the skills and services necessary to help financial institutions significantly improve their security postures, decrease costs, and deliver compliance reporting to bank examiners.
For more information please download our complementary white paper, Best Practices for Control and Management of your Community Bank’s Information Technology.